Sign up for our weekly security newsletter

Disclosure of More Breaches Earlier into TJX Cos. Systems

TJX Cos. Inc., a retailer, said until now, it knew about the intrusion only during May 2006 to January 2007. But, it believes, there have been previous intrusions too in July 2005 and on many subsequent dates in the same year.

The company reported there was unauthorized access of portions of credit and debit card data during transactions at its Puerto Rican and U.S. stores from January 2003 through June 2004 and from credit card-only transactions at the Canadian stores in the same period.

The unauthorized accessed credit and debit card data did not include names and addresses of the customers. The Company believes the theft did not affect debit personal identification numbers (PIN), information from transactions at Bob Stores or transactions through debit cards from Canadian banks.

The firm realized that the hacker(s) intercepted drivers' license numbers along with names and addresses at Puerto Rican and U.S. T. J. Maxx, Marshalls and HomeGoods stores during Sept- Dec 2003 and May-June 2004.

TJX found evidence of earlier intrusions into the computer system handling transactions in Britain and Ireland T.K. Maxx stores. Currently, 50 or more computer security experts are jointly working with TJX to conduct the investigations, said CEO Carol Meyrowitz, according to report in The Associated Press.

This update by TJX comes after its announcement on January 17, 2007 that someone hacked its computer system exposing credit and personal information of customers to abuse. The retailer took a month to announce the breach, saying it was working with security experts to solve the problem.

Customers have been reporting unauthorized use of their data and have even filed class-action suits. TJX still has not disclosed the number of affected customers as the probe is still on. The Company declined to divulge details of actual losses. It prompted countrywide banks to reissue credit and debit and cards to fend off further fraud.

The retailer plans to notify affected customers owning driver licenses. It has asked its customers to check for any suspicious transactions on their credit card and bank accounts. Meanwhile, the company will keep posting updates on its website.